Re: Authorization Manager (AzMan) and non-Windows users

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 03/25/05

Next message: Knox: "Re: QuickBooks and its users"
Previous message: Roger Abell: "Re: Has my DC been hacked?"
In reply to: A Mackie: "Authorization Manager (AzMan) and non-Windows users"
Next in thread: A Mackie: "Re: Authorization Manager (AzMan) and non-Windows users"
Reply: A Mackie: "Re: Authorization Manager (AzMan) and non-Windows users"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 24 Mar 2005 23:34:40 -0700

Doesn't it depend on which schemas you have in use?
AFAIK one can use applicatively defined (web app internal)
identities, and have these grouped for role associations, which
then lets them assume a Windows identity used for the role
when needed to go to resources.

-- 
Roger Abell
Microsoft MVP (Windows  Security)
"A Mackie" <andrew@mackie14.freeserve.co.uk> wrote in message
news:xn0e04y80bj4f4000@news.microsoft.com...
> Windows Authorization Manager works well when assigning windows users to
> roles. Can it be used in a similar way for non-Windows users ? (i.e.
external
> browser users)
>
> I believe you can programmatically add custom ID's into Azman via it's
API.
> However, you then lose the ability to use the GUI tool to manage those
custom
> ID's and assign them to roles ?
>
> One thought was to use certificate mapping, to map external browser users
to
> one or more Windows user-IDs, each windows ID representing a class of
> external users. The Windows user-ID(s) can then be assigned to roles in
Azman
> using its GUI, so providing a fine-grained permissions system for
non-Windows
> users.
>
> Any thoughts on this scenario ?
>
> Thanks,
> Andy Mackie.

Next message: Knox: "Re: QuickBooks and its users"
Previous message: Roger Abell: "Re: Has my DC been hacked?"
In reply to: A Mackie: "Authorization Manager (AzMan) and non-Windows users"
Next in thread: A Mackie: "Re: Authorization Manager (AzMan) and non-Windows users"
Reply: A Mackie: "Re: Authorization Manager (AzMan) and non-Windows users"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Separate email accounts suddenly joined - help!
... there is only one Windows Address ... This step is very important when multiple Identities are in use. ... I have two email accounts on OE and after the transfer, all of my address contacts from both accounts and stored messages from both accounts all went into ONE. ... How can I separate these? ...
(microsoft.public.windows.inetexplorer.ie6_outlookexpress)
Re: OE goes on strike changing identities
... Is the machine fully up-to-date at Windows Update? ... One or more of your current Identities may be damaged ... This patch will be included in the next Cumulative Update for Outlook Express/WinXP SP2. ...
(microsoft.public.windows.inetexplorer.ie6_outlookexpress)
Re: Links Dont Work
... Bruce, the Frank Saunders page that you suggested referenced a Sandi ... suggested repairing IE. ... Identities and right click and delete that identity. ... Open Windows Explorer. ...
(microsoft.public.windows.inetexplorer.ie6_outlookexpress)
Re: OE & XP - Identities vs User
... Once everybody has their old messages, delete the three unneeded identities ... Mail Folders, Address Book, Messages Missing After Upgrade to XP ... Upgrade Windows 98 or Windows Millennium Edition Profiles to Windows ...
(microsoft.public.windows.inetexplorer.ie6_outlookexpress)
Re: Do you have to have 2 identies? (COMCAST)
... outlook express does support multiple identities. ... windows support multiple logons. ... outlook express identity for each windows logon user. ...
(alt.sys.pc-clone.dell)